IEEE 2018 / 19 - NS2 Projects

IEEE 2017:  Vehicular Cloud Data Collection for Intelligent Transportation Systems

IEEE 2017 Networking

Abstract: The Internet of Things (IoT) envisions to connect billions of sensors to the Internet, in order to provide new applications and services for smart cities. IoT will allow the evolution of the Internet of Vehicles (IoV) from existing Vehicular Ad hoc Networks (VANETs), in which the delivery of various services will be offered to drivers by integrating vehicles, sensors, and mobile devices into a global network. To serve VANET with computational resources, Vehicular Cloud Computing (VCC) is recently envisioned with the objective of providing traffic solutions to improve our daily driving. These solutions involve applications and services for the benefit of Intelligent Transportation Systems (ITS), which represent an important part of IoV. Data collection is an important aspect in ITS, which can effectively serve online travel systems with the aid of Vehicular Cloud (VC). In this paper, we involve the new paradigm of VCC to propose a data collection model for the benefit of ITS. We show via simulation results that the participation of low percentage of vehicles in a dynamic VC is sufficient to provide meaningful data collection

IEEE 2017: Optimizing Cloud-Service Performance: Efficient Resource Provisioning via Optimal Workload Allocation

IEEE 2017 Networking

Abstract:  Cloud computing is being widely accepted and utilized in the business world. From the perspective of businesses utilizing the cloud, it is critical to meet their customers’ requirements by achieving service-level-objectives. Hence, the ability to accurately characterize and optimize cloud-service performance is of great importance. In this paper a stochastic multi-tenant framework is proposed to model the service of customer requests in a cloud infrastructure composed of heterogeneous virtual machines. Two cloud service performance metrics are mathematically characterized, namely the percentile and the mean of the stochastic response time of a customer request, in closed form. Based upon the proposed multi-tenant framework, a workload allocation algorithm, termed maxmin- cloud algorithm, is then devised to optimize the performance of the cloud service. A rigorous optimality proof of the max-min-cloud algorithm is also given. Furthermore, the resource-provisioning problem in the cloud is also studied in light of the max-min-cloud algorithm. In particular, an efficient resource-provisioning strategy is proposed for serving dynamically arriving customer requests. These findings can be used by businesses to build a better understanding of how much virtual resource in the cloud they may need to meet customers’ expectations subject to cost constraints.

IEEE 2017: Cost Minimization Algorithms for Data Center Management

IEEE 2017 Networking

Abstract: Due to the increasing usage of cloud computing applications, it is important to minimize energy cost consumed by a data center, and simultaneously, to improve quality of service via data center management. One promising approach is to switch some servers in a data center to the idle mode for saving energy while to keep a suitable number of servers in the active mode for providing timely service. In this paper, we design both online and offline algorithms for this problem. For the offline algorithm, we formulate data center management as a cost minimization problem by considering energy cost, delay cost (to measure service quality), and switching cost (to change servers’s active/idle mode). Then, we analyze certain properties of an optimal solution which lead to a dynamic programming based algorithm. Moreover, by revising the solution procedure, we successfully eliminate the recursive procedure and achieve an optimal offline algorithm with a polynomial complexity. For the online algorithm, We design it by considering the worst case scenario for future workload. In simulation, we show this online algorithm can always provide near-optimal solutions.

IEEE 2017: Multi-party secret key agreement over state-dependent wireless broadcast channels

IEEE 2016 Networking

Abstract: We consider a group of m trusted and authenticated nodes that aim to create a shared secret key K over a wireless channel in the presence of an eavesdropper Eve. We assume that there exists a state dependent wireless broadcast channel from one of the honest nodes to the rest of them including Eve. All of the trusted nodes can also discuss over a cost-free, noiseless and unlimited rate public channel which is also overheard by Eve. For this setup, we develop an information-theoretically secure secret key agreement protocol. We show the optimality of this protocol for “linear deterministic” wireless broadcast channels. This model generalizes the packet erasure model studied in literature for wireless broadcast channels. Here, the main idea is to convert a deterministic channel to multiple independent erasure channels by using superposition coding. For “state-dependent Gaussian” wireless broadcast channels, by using insights from the deterministic problem, we propose an achievability scheme based on a multi-layer wiretap code. By using the wiretap code, we can mimic the phenomenon of converting the wireless channel to multiple independent erasure channels. Then, finding the best achievable secret key generation rate leads to solving a non-convex power allocation problem over these channels (layers). We show that using a dynamic programming algorithm, one can obtain the best power allocation for this problem. Moreover, we prove the optimality of the proposed achievability scheme for the regime of high-SNR and large-dynamic range over the channel states in the (generalized) degrees of freedom sense.

IEEE 2016: Modified AODV Routing Protocol to Improve Security and Performance against Black Hole Attack

IEEE 2016 Networking

Abstract— A Mobile Ad hoc NETwork (MANET) is a collection of autonomous nodes that have the ability to communicate with each other without having fixed infrastructure or centralized access point such as a base station. This kind of networks is very susceptible to adversary's malicious attacks, due to the dynamic changes of the network topology, trusting the nodes to each other, lack of fixed substructure for the analysis of nodes behaviors and constrained resources. One of these attacks is black hole attack. In this attack, malicious nodes inject fault routing information to the network and lead all data packets toward themselves, then destroy them all. In this paper, we propose a solution, which enhances the security of the Ad-hoc On-demand Distance Vector (AODV) routing protocol to encounter the black hole attacks. Our solution avoids the black hole and the multiple black hole attacks. The simulation results using the Network Simulator NS2 shows that our protocol provides better security and better performance in terms of the packet delivery ratio than the AODV routing protocol in the presence of one or multiple black hole attacks with marginal rise in average end-to-end delay and normalized routing overhead.

IEEE 2016 :An Enhanced Available Bandwidth Estimation Technique for an End-to-End Network Path

IEEE 2016 Networking

Abstract—This paper presents a unique probing scheme, a rate adjustment algorithm, and a modified excursion detection algorithm (EDA) for estimating the available bandwidth (ABW) of an end-to-end network path more accurately and less intrusively. The proposed algorithm is based on the well known concept of self-induced congestion and it features a unique probing train structure in which there is a region where packets are sampled more frequently than in other regions. This high-density region enables our algorithm to find the turning point more accurately. When the dynamic ABW is outside of this region, we readjust the lower rate and upper rate of the packet stream to fit the dynamic ABW into that region. We appropriately adjust the range between the lower rate and the upper rate using spread factors, which enables us to keep the number of packets low and we are thus able to measure the ABW less intrusively. Finally, to detect the ABW from the one-way queuing delay, we present a modified EDA from PathChirps’ original EDA to better deal with sudden increase and decrease in queuing delays due to cross traffic burstiness. For the experiments, an Android OS-based device was used to measure the ABW over a commercial 4G/LTE mobile network of a Japanese mobile operator, as well as real testbed measurements were conducted over fixed and WLAN network. Simulations and experimental results show that our algorithm can achieve ABW estimations in real time and outperforms other stat-of-the-art measurement algorithms in terms of accuracy, intrusiveness, and convergence time.

IEEE 2016 : STAMP: Enabling Privacy-Preserving Location Proofs for Mobile Users

IEEE 2016 Networking

Abstract—Location-based services are quickly becoming immensely popular. In addition to services based on users' current location, many potential services rely on users' location history, or their spatial-temporal provenance. Malicious users may lie about their spatial-temporal provenance without a carefully designed security system for users to prove their past locations. In this paper, we present the Spatial-Temporal provenance Assurance with Mutual Proofs (STAMP) scheme. STAMP is designed for ad-hoc mobile users generating location proofs for each other in a distributed setting. However, it can easily accommodate trusted mobile users and wireless access points. STAMP ensures the integrity and non-transferability of the location proofs and protects users' privacy. A semi-trusted Certification Authority is used to distribute cryptographic keys as well as guard users against collusion by a light-weight entropy-based trust evaluation approach. Our prototype implementation on the Android platform shows that STAMP is low-cost in terms of computational and storage resources. Extensive simulation experiments show that our entropy-based trust model is able to achieve high collusion detection accuracy.

IEEE 2016 : FRAppE: Detecting Malicious Facebook Applications

IEEE 2016 Networking

Abstract—With 20 million installs a day [1], third-party apps are a major reason for the popularity and addictiveness of Facebook. Unfortunately, hackers have realized the potential of using apps for spreading malware and spam. The problem is already significant, as we find that at least 13% of apps in our dataset are malicious. So far, the research community has focused on detecting malicious posts and campaigns.In this paper, we ask the question: given a Facebook application,can we determine if it is malicious? Our key contribution is in developing FRAppE—Facebook’s Rigorous Application Evaluator—arguably the first tool focused on detecting malicious apps on Facebook. To develop FRAppE, we use information gathered by observing the posting behavior of 111K Facebook apps seen across 2.2 million users on Facebook. First, we identify a set of features that help us distinguish malicious apps from benign ones. For example, we find that malicious apps often share names with other apps, and they typically request fewer permissions than benign apps. Second, leveraging these distinguishing features, we show that FRAppE can detect malicious apps with 99.5% accuracy, with no false positives and a low false negative rate (4.1%). Finally, we explore the ecosystem of malicious Facebook apps and identify mechanisms that these apps use to propagate. Interestingly, we find that many apps collude and support each other; in our dataset, we find 1,584 apps enabling the viral propagation of 3,723 other apps through their posts. Long-term, we see FRAppE as a step towards creating an independent watchdog for app assessment and ranking, so as to warn Facebook users before installing apps.

IEEE 2016: Toward Optimum Crowdsensing Coverage With Guaranteed Performance

IEEE 2016 Networking

Abstract—Mobile crowdsensing networks have emerged to show elegant data collection capability in loosely cooperative network. However, in the sense of coverage quality, marginal works have considered the efficient (less participants) and effective (more coverage) designs for mobile crowdsensing network. We investigate the optimal coverage problem in distributed crowdsensing networks. In that, the sensing quality and the information delivery are jointly considered. Different from the conventional coverage problem, ours only select a subset of mobile users, so as to maximize the crowdsensing coverage with limited budget. We formulate our concerns as an optimal crowdsensing coverage problem, and prove its NP-completeness. In tackling this difficulty, we also prove the submodular property in our problem. Leveraging the favorable property in submodular optimization, we present the greedy algorithm with approximationratio O(√k), where k is the number of selected users. Such that the information delivery and sensing coverage ratio could be guaranteed. Finally, we make extensive evaluations for the proposed scheme, with trace-driven tests. Evaluation results show that the proposed scheme could outperform the random selection by 2× with a random walk model, and over 3× with real trace data, in terms of crowdsensing coverage. Besides, the proposed scheme achieves near optimal solution comparing with the bruteforce search results.

IEEE 2016: PRISM: PRivacy-aware Interest Sharing and Matching in Mobile Social Networks

IEEE 2016 Networking

Abstract—In a profile matchmaking application of mobile social networks, users need to reveal their interests to each other in order to find the common interests. A malicious user may harm a user by knowing his personal information. Therefore, mutual interests need to be found in a privacy preserving manner. In this paper, we propose an efficient privacy protection and interests sharing protocol referred to as PRivacy-aware Interest Sharing and Matching (PRISM). PRISM enables users to discover mutual interests without revealing their interests. Unlike existing approaches, PRISM does not require revealing the interests to a trusted server. Moreover, the protocol considers attacking scenarios that have not been addressed previously and provides an efficient solution. The inherent mechanism reveals any cheating attempt by a malicious user. PRISM also proposes the procedure to eliminate Sybil attacks. We analyze the security of PRISM against both passive and active attacks. Through implementation, we also present a detailed analysis of the performance of PRISM and compare it with existing approaches. The results show the effectiveness of PRISM without any significant performance degradation.

IEEE 2016: JOKER: A Novel Opportunistic Routing Protocol

IEEE 2016 Networking

Abstract—The increase in multimedia services has put energy saving on the top of current demands for mobile devices. Unfortunately, batteries’ lifetime has not been as extended as it would be desirable. For that reason, reducing energy consumption in every task performed by these devices is crucial. In this work, a novel opportunistic routing protocol, called JOKER, is introduced. This proposal presents novelties in both the candidate selection and coordination phases, which permit increasing the performance of the network supporting multimedia traffic as well as enhancing the nodes’ energy efficiency. JOKER is compared in different-nature test-benches with BATMAN routing protocol, showing its superiority in supporting a demanding service such as video-streaming in terms of QoE, while achieving a power draining reduction in routing tasks.

IEEE 2016 : Software Defined Networking with Pseudonym Systems for Secure Vehicular Clouds

IEEE 2016 Networking

Abstract: The vehicular cloud is a promising new paradigm where vehicular networking and mobile cloud computing are elaborately integrated to enhance the quality of vehicular information services. Pseudonym is a resource for vehicles to protect their location privacy, which should be efficiently utilized to secure vehicular clouds. However, only a few existing architectures of pseudonym systems take flexibility and efficiency into consideration, thus leading to potential threats to location privacy. In this paper, we exploit software-defined networking technology to significantly extend the flexibility and programmability for pseudonym management in vehicular clouds. We propose a software-defined pseudonym system where the distributed pseudonym pools are promptly scheduled and elastically managed in a hierarchical manner. In order to decrease the system overhead due to the cost of inter-pool communications, we leverage the two-sided matching theory to formulate and solve the pseudonym resource scheduling.We conducted extensive simulations based on the real map of San Francisco. Numerical results indicate that the proposed software-defined pseudonym system significantly improves the pseudonym resource utilization, and meanwhile, effectively enhances the vehicles’ location privacy by raising their entropy.

IEEE 2016 : An Enhanced Available Bandwidth Estimation Technique for an End-to-End Network Path
IEEE 2016 Networking

Abstract: This paper presents a unique probing scheme, a rate adjustment algorithm, and a modified excursion detection algorithm (EDA) for estimating the available bandwidth (ABW) of an end-to-end network path more accurately and less intrusively. The proposed algorithm is based on the well known concept of self-induced congestion and it features a unique probing train structure in which there is a region where packets are sampled more frequently than in other regions. This high-density region enables our algorithm to find the turning point more accurately. When the dynamic ABW is outside of this region, we readjust the lower rate and upper rate of the packet stream to fit the dynamic ABW into that region.We appropriately adjust the range between the lower rate and the upper rate using spread factors, which enables us to keep the number of packets low and we are thus able to measure the ABW less intrusively. Finally, to detect the ABW from the one-way queuing delay, we present a modified EDA from PathChirps’ original EDA to better deal with sudden increase and decrease in queuing delays due to cross traffic burstiness. For the experiments, an Android OS-based device was used to measure the ABW over a commercial 4G/LTE mobile network of a Japanese mobile operator, as well as real testbed measurements were conducted over fixed and WLAN network. Simulations and experimental results show that our algorithm can achieve ABW estimations in real time and outperforms other stat-of-the-art measurement algorithms in terms of accuracy, intrusiveness, and convergence time.

IEEE 2016 : Privacy-Preserving Location Sharing Services for Social Networks

IEEE 2016 Networking

Abstract: A common functionality of many location-based social networking applications is a location sharing service that allows a group of friends to share their locations. With a potentially untrusted server, such a location sharing service may threaten the privacy of users. Existing solutions for Privacy-Preserving Location Sharing Services (PPLSS) require a trusted third party that has access to the exact location of all users in the system or rely on expensive algorithms or protocols in terms of computational or communication overhead. Other solutions can only provide approximate query answers. To overcome these limitations, we propose a new encryption notion, called Order-Retrievable Encryption (ORE), for PPLSS for social networking applications. The distinguishing characteristics of our PPLSS are that it (1) allows a group of friends to share their exact locations without the need of any third party or leaking any location information to any server or users outside the group, (2) achieves low computational and communication cost by allowing users to receive the exact location of their friends without requiring any direct communication between users or multiple rounds of communication between a user and a server, (3) provides efficient query processing by designing an index structure for our ORE scheme, (4) supports dynamic location updates, and (5) provides personalized privacy protection within a group of friends by specifying a maximum distance where a user is willing to be located by his/her friends. Experimental results show that the computational and communication cost of our PPLSS is much better than the state-of-the-art solution.

IEEE 2015 : Cost-Aware SEcure Routing (CASER) Protocol Design for Wireless Sensor Networks

IEEE 2015 Transactions  on  Networkings

Abstract— Lifetime optimization and security are two conflicting design issues for multi-hop wireless sensor networks (WSNs) with non-replenishable energy resources. In this paper, we first propose a novel secure and efficient Cost-Aware SEcure Routing (CASER) protocol to address these two conflicting issues through two adjustable parameters: energy balance control (EBC) and probabilistic based random walking. We then discover that the energy consumption is severely disproportional to the uniform energy deployment for the given network topology, which greatly reduces the lifetime of the sensor networks. To solve this problem, we propose an efficient non-uniform energy deployment strategy to optimize the lifetime and message delivery ratio under the same energy resource and security requirement. We also provide a quantitative security analysis on the proposed routing protocol. Our theoretical analysis and OPNET simulation results demonstrate that the proposed CASER protocol can provide an excellent tradeoff between routing efficiency and energy balance, and can significantly extend the lifetime of the sensor networks in all scenarios. For the non-uniform energy deployment, our analysis shows that we can increase the lifetime and the total number of messages that can be delivered by more than four times under the same assumption. We also demonstrate that the proposed CASER protocol can achieve a high message delivery ratio while preventing routing trace back attacks.

IEEE 2015  :Efficient and Truthful Bandwidth Allocation in Wireless Mesh Community Networks

IEEE 2015 Transactions  on  Networking

Abstract—Nowadays, the maintenance costs of wireless devices represent one of the main limitations to the deployment of wireless mesh networks (WMNs) as a means to provide Internet access in urban and rural areas. A promising solution to this issue is to let the WMN operator lease its available bandwidth to a subset of customers, forming a wireless mesh community network, in order to increase network coverage and the number of residential users it can serve. In this paper, we propose and analyze an innovative marketplace to allocate the available bandwidth of a WMN operator to those customers who are willing to pay the higher price for the requested bandwidth, which in turn can be subleased to other residential users. We formulate the allocation mechanism as a combinatorial truthful auction considering the key features of wireless multihop networks and further present a greedy algorithm that finds efficient and fair allocations even for large-scale, real scenarios while maintaining the truthfulness property. Numerical results show that the greedy algorithm represents an efficient, fair, and practical alternative to the combinatorial auction mechanism.

IEEE 2015 : Neighbor Discovery in Wireless Networks with Multipacket  Reception

 IEEE 2015 Transactions  on  Networking

Abstract— Neighbor discovery is one of the first steps in configuring and managing a wireless network. Most existing studies on neighbor discovery assume a single-packet reception model where only a single packet can be received successfully at a receiver. In this paper, motivated by the increasing prevalence of multi packet reception (MPR) technologies such as CDMA and MIMO, we study neighbor discovery in MPR networks that allow multiple packets to be received successfully at a receiver. More specifically, we design and analyze a series of randomized algorithms for neighbor discovery in MPR networks. We start with a simple Aloha-like algorithm that assumes synchronous node transmissions and the number of neighbors, n, is known. We show that the time for all the nodes to discover their respective neighbors is Θ(ln n) in an idealized MPR network that allows an arbitrary number of nodes to transmit simultaneously. In a more realistic scenario, in which no more than k nodes can transmit simultaneously, we show that the time to discover all neighbors is Θ(n ln n k ). When a node knows whether its transmission is successful or not (e.g., based on feedbacks from other nodes), we design an adaptive Aloha-like algorithm that dynamically determines the transmission probability for each node, and show that it yields a ln n improvement over the simple Aloha-like scheme. Last, we extend our schemes to take into account a number of practical considerations, such as lack of knowledge of the number of neighbors and asynchronous algorithm operation, while resulting in only a constant or log n factor slowdown in algorithm performance.

IEEE 2015 : Improving Physical-Layer Security in Wireless Communications Using Diversity Techniques

IEEE 2015 Transactions  on  Networking

Abstract— Due to the broadcast nature of radio propagation, the wireless transmission can be readily overheard by unauthorized users for interception purposes and is thus highly vulnerable to eavesdropping attacks. To this end, physical-layer security is emerging as a promising paradigm to protect the wireless communications against eavesdropping attacks by exploiting the physical characteristics of wireless channels. This article is focused on the investigation of diversity techniques to improve the physical layer security, differing from the conventional artificial noise generation and beam forming techniques which typically consume additional power for generating artificial noise and exhibit high implementation complexity for beam former design. We present several diversity approaches to improve the wireless physical-layer security, including the multiple-input multiple-output (MIMO), multiuser diversity, and cooperative diversity. To illustrate the security improvement through diversity, we propose a case study of exploiting cooperative relays to assist the signal transmission from source to destination while defending against eavesdropping attacks. We evaluate the security performance of cooperative relay transmission in Rayleigh fading environments in terms of secrecy capacity and intercept probability. It is shown that as the number of relays increases, the secrecy capacity and intercept probability of the cooperative relay transmission both improve significantly, implying the advantage of exploiting cooperative diversity to improve the physical-layer security against eavesdropping attacks.

IEEE 2015 : Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Computing

IEEE 2015 Transactions  on  Networking

Abstract— Cloud computing is emerging as a prevalent data interactive paradigm to realize users’ data remotely stored in an online cloud server. Cloud services provide great conveniences for the users to enjoy the on-demand cloud applications without considering the local infrastructure limitations. During the data accessing, different users may be in a collaborative relationship, and thus data sharing becomes significant to achieve productive benefits. The existing security solutions mainly focus on the authentication to realize that a user’s privative data cannot be unauthorized accessed, but neglect a subtle privacy issue during a user challenging the cloud server to request other users for data sharing. The challenged access request itself may reveal the user’s privacy no matter whether or not it can obtain the data access permissions. In this paper, we propose a shared authority based privacy-preserving authentication protocol (SAPA) to address above privacy issue for cloud storage. In the SAPA, 1) shared access authority is achieved by anonymous access request matching mechanism with security and privacy considerations (e.g., authentication, data anonymity, user privacy, and forward security); 2) attribute based access control is adopted to realize that the user can only access its own data fields; 3) proxy re-encryption is applied by the cloud server to provide data sharing among the multiple users. Meanwhile, universal compos ability (UC) model is established to prove that the SAPA theoretically has the design correctness. It indicates that the proposed protocol realizing privacy-preserving data access authority sharing, is attractive for multi-user collaborative cloud applications.

IEEE 2015 : Opportunistic Routing with Congestion Diversity in Wireless Multi-hop Networks

IEEE 2015 Transactions  on  Networking

Abstract— This paper considers the problem of routing packets across a multi-hop network consisting of multiple sources of traffic and wireless links with stochastic reliability while ensuring bounded expected delay. Each packet transmission can be overheard by a random subset of receiver nodes among which the next relay/router is selected opportunistically. The main challenge in the design of minimum-delay routing policies is balancing the tradeoff between routing the packets along the shortest paths to the destination and controlling the congestion and distributing traffic uniformly across the network. Simple opportunistic variants of shortest path routing may, under heavy traffic scenarios, result in severe congestion and unbounded delay. While the opportunistic variants of backpressure, which ensure a bounded expected delay, are known to exhibit extremely poor delay performance at low to medium traffic conditions. Combining important aspects of shortest path routing with those of backpressure routing, this paper provides an opportunistic routing policy with congestion diversity (ORCD). ORCD uses a measure of draining time to opportunistically identify and route packets along the paths with an expected low overall congestion. Using a novel Lyapunov function construction, ORCD is proved to ensure a bounded expected delay for all networks and under any admissible traffic (without any knowledge of traffic statistics). Furthermore, the expected delay encountered by the packets in the network under ORCD is compared against known existing routing policies via simulations and substantial improvements are observed. Finally, the paper proposes practical implementations and discusses criticality of various assumptions in the analysis.

IEEE 2015 : Path Reconstruction in Dynamic Wireless Sensor Networks Using Compressive Sensing

IEEE 2015 Transactions  on  Networking

Abstract—  This paper presents CSPR, a compressive sensing based approach for path reconstruction in wireless sensor networks. By viewing the whole network as a path representation space, an arbitrary routing path can be represented by a path vector in the space. As path length is usually much smaller than the network size, such path vectors are sparse, i.e., the majority of elements are zeros. By encoding sparse path representation into packets, the path vector (and thus the represented path) can be recovered from a small amount of packets using compressive sensing technique. CSPR formalizes the sparse path representation and enables accurate and efficient per-packet path reconstruction. CSPR is invulnerable to network dynamics and lossy links due to its distinct design. A set of optimization techniques are further proposed to improve the design. We evaluate CSPR in both testbed-based experiments and large scale trace-driven simulations. Evaluation results show that CSPR achieves high path recovery accuracy (i.e., 100% and 96% in experiments and simulations, respectively), and outperforms the state-of the- art approaches in various network settings.

IEEE 2015 : REAL - A Reciprocal Protocol for Location Privacy in Wireless Sensor Networks

IEEE 2015 Transactions  on  Networking

Abstract—  K-anonymity has been used to protect location privacy for location monitoring services in wireless sensor networks (WSNs), where sensor nodes work together to report k-anonymized aggregate locations to a server. Each k-anonymized aggregate location is a cloaked area that contains at least k persons. However, we identify an attack model to show that overlapping aggregate locations still pose privacy risks because an adversary can infer some overlapping areas with less than k persons that violates the k-anonymity privacy requirement. In this paper, we propose a reciprocal protocol for location privacy (REAL) in WSNs. In REAL, sensor nodes are required to autonomously organize their sensing areas into a set of non-overlapping and highly accurate k-anonymized aggregate locations. To confront the three key challenges in REAL, namely, self-organization, reciprocity property and high accuracy, we design a state transition process, a locking mechanism and a time delay mechanism, respectively. We compare the performance of REAL with current protocols through simulated experiments. The results show that REAL protects location privacy, provides more accurate query answers, and reduces communication and computational costs.

IEEE 2015 : Real-Time Path Planning Based on  Hybrid-VANET-Enhanced Transportation  System

IEEE 2015 Transactions  on  Networking

Abstract—  Real-time path planning can efficiently relieve traffic congestion in urban scenarios. However, how to design an efficient path planning algorithm to achieve a globally optimal vehicle traffic control still remains a challenging problem, especially when we take drivers’ individual preferences into consideration. In this paper, we first establish a hybrid intelligent transportation system (ITS), i.e., a hybrid-VANET-enhanced ITS, which utilizes both vehicular ad hoc networks (VANETs) and cellular systems of the public transportation system to enable real-time communications among vehicles, road-side units (RSUs), and a vehicle-traffic server in an efficient way. Then, we propose a real-time path planning algorithm, which not only improves the overall spatial utilization of a road network but also reduces average vehicle travel cost for avoiding vehicles from getting stuck in congestion. Stochastic Lyapunov optimization technique is exploited to address the globally optimal path planning problem. Finally, the transmission delay of the hybrid VANET enhanced ITS is evaluated in VISSIM to show the timeliness of the proposed communication framework. Besides, system-level simulations conducted in Java demonstrate that the proposed path planning algorithm outperforms the traditional distributed path planning in terms of balancing the spatial utilization and drivers’ travel cost.

IEEE 2015 : Secure Data Aggregation Technique for Wireless Sensor Networks in the Presence of Collusion  Attacks

IEEE 2015 Transactions  on  Networking

Abstract—  At present, due to limited computational power and energy resources of sensor nodes, aggregation of data from multiple sensor nodes done at the aggregating node is usually accomplished by simple methods such as averaging. However, such aggregation has been known to be highly vulnerable to node compromising attacks. Since WSN are usually unattended and without tamper resistant hardware, they are highly susceptible to such attacks. Thus, ascertaining trust- worthiness of data and reputation of sensor nodes has become crucially important for WSN. As the performance of very low power processors dramatically improves and their cost is drastically reduced, future aggregator nodes will be capable of performing more sophisticated data aggregation algorithms, which will make WSN less vulnerable to severe impact of compromised nodes. Iterative  filtering algorithms hold great promise for such a purpose. Such algorithms simultaneously aggregate data from multiple sources and provide trust assessment of these sources, usually in a form of corresponding weight factors assigned to data provided by each source. In this paper we demonstrate that a number of existing iterative filtering algorithms, while significantly more robust against collusion attacks than the simple averaging methods, are nevertheless susceptive to a novel sophisticated collusion attack we introduce. To address this security issue, we propose an improvement for iterative filtering techniques by providing an initial approximation for such algorithms which makes them not only collusion robust, but also more accurate and faster converging. We believe that so modified iterative filtering algorithms have a great potential for deployment in the future WSN.

 

IEEE 2015 : A Secure Scheme for Power Exhausting Attacks in Wireless Sensor Networks

IEEE 2015 Transactions  on  Networking

Abstract— Security and energy efficiency are the most important concerns in wireless sensor networks (WSNs) design. To save the power and extend the lifetime of WSNs, various media access control (MAC) protocols are proposed. Most traditional security solutions can not be applied in the WSNs due to the limitation of power supply. The well-known security mechanisms usually awake the sensor nodes before the sensor nodes can execute the security processes. However, the Denial-of-Sleep attacks can exhaust the energy of sensor nodes and shorten the lifetime of WSNs rapidly. Therefore, the existing designs of MAC protocol are insufficient to protect the WSNs from Denial-of-Sleep attack in MAC layer. The practical design is to simplify the authenticating process in order to enhance the performance of the MAC protocol in countering the power exhausting attacks. This paper proposes a cross-layer design of securescheme integrating the MAC protocol. The analyses show that the proposed scheme can counter the replay attack and forge attack in an energy-efficient way.

IEEE 2015: Time-Delayed Broadcasting for Defeating Inside Jammers

IEEE 2015 Transactions  on  Networking

Abstract— We address the problem of jamming-resistant broadcast communications under an internal threat model. We propose a time delayed broadcast scheme (TDBS), which implements the broadcast operation as a series of unicast transmissions distributed in frequency and time. TDBS does not rely on commonly shared secrets, or the existence of jamming-immune control channels for coordinating broadcasts. Instead, each node follows a unique pseudo-noise (PN) frequency hopping sequence. Contrary to conventional PN sequences designed for multi-access systems, the PN sequences in TDBS exhibit correlation to enable broadcast. Moreover, they are designed to limit the information leakage due to the exposure of a subset of sequences by compromised nodes. We map the problem of constructing such PN sequences to the 1-factorization problem for complete graphs. We further accommodate dynamic broadcast groups by mapping the problem of updating the assigned PN sequences to the problem of constructing rainbow paths in proper edge-colored graphs.

IEEE:2014 An Optimal Distributed Malware Defense System for Mobile Networks with  Heterogeneous Devices

IEEE 2014 Transactions on Mobile Computing

Abstract— As malware attacks become more frequent in mobile networks, deploying an efficient defense system to protect against infection and to help the infected nodes to recover is important to Contain serious spreading and outbreaks. The technical challenges are that mobile devices are heterogeneous in terms of operating systems, and the malware can infect the targeted system in any opportunistic fashion via local and global connectivity, while the to-be-deployed defense system on the other hand would be usually resource limited. In this paper, we investigate the problem of optimal distribution of content-based signatures of malware to minimize the number of infected nodes, which can help to detect the corresponding malware and to disable further propagation. We model the defense system with realistic assumptions addressing all the above challenges, which have not been addressed in previous analytical work. Based on the proposed framework of optimizing the system welfare utility through the signature allocation, we provide an encounter-based distributed algorithm based on Metropolis sampler. Through extensive simulations with both synthetic and real mobility traces, we show that the distributed algorithm achieves the optimal solution, and performs efficiently in realistic environments.

IEEE 2014: Behavioral Detection and Containment of Proximity Malware in Delay Tolerant Networks

IEEE 2014 Transactions on  Parallel and Distributed Systems

Abstract—with the universal presence of short-range connectivity technologies (e.g., Bluetooth and, more recently, Wi-Fi Direct) in the consumer electronics market, the delay tolerant-network (DTN) model is becoming a viable alternative to the traditional infrastructural model. Proximity malware, Which exploits the temporal dimension and distributed nature of DTNs in self-propagation, poses threats to users of new technologies? In this paper, we address the proximity malware detection and containment problem with explicit consideration for the unique characteristics of DTNs. We formulate the malware detection process as a decision problem under a general behavioral malware characterization framework. We analyze the risk associated with the decision problem and design a simple yet effective malware containment strategy, look-ahead, which is distributed by nature and reflects an individual node’s intrinsic trade-off between staying connected (with other nodes) and staying safe (from malware). Furthermore, we consider the benefits of sharing assessments among directly connected nodes and address the challenges derived from the DTN model to such sharing in the presence of liars (i.e., malicious nodes sharing false assessments) and defectors (i.e., good nodes that have turned malicious due to malware infection). 

Dynamic Trust Management for Delay Tolerant Networks and Its Application to Secure Routing

IEEE 2014  Transactions on Parallel and Distributed Systems

Abstract—Delay tolerant networks (DTNs) are characterized by high end-to-end latency, frequent disconnection, and opportunistic communication over unreliable wireless links. In this paper, we design and validate a dynamic trust management protocol for secure routing optimization in DTN environments in the presence of well-behaved, selfish and malicious nodes. We develop a novel model-based methodology for the analysis of our trust protocol and validate it via extensive simulation. Moreover, we address dynamic trust management, i.e., determining and applying the best operational settings at runtime in response to dynamically changing network conditions to minimize trust bias and to maximize the routing application performance. We perform a comparative analysis of our proposed routing protocol against Bayesian trust-based and non-trust based (PROPHET and epidemic) routing protocols. The results demonstrate that our protocol is able to deal with selfish behaviors and is resilient against trust-related attacks. Furthermore, our trust-based routing protocol can effectively trade off message overhead and message delay for a significant gain in delivery ratio. Our trust-based routing protocol operating under identified best settings outperforms Bayesian trust-based routing and PROPHET, and approaches the ideal performance of epidemic routing in delivery ratio and message delay without incurring high message or protocol maintenance overhead.

E-MACs: Towards More Secure and More Efficient Constructions of Secure Channels

IEEE 2014 Transactions on Computer

Abstract—In cryptography, secure channels enable the confidential and authenticated message exchange between authorized users. A generic approach of constructing such channels is by combining an encryption primitive with an authentication primitive (MAC). In this work, we introduce the design of a new cryptographic primitive to be used in the construction of secure channels. Instead of using general purpose MACs, we propose the deployment of special purpose MACs, named E-MACs. The main motivation behind this work is the observation that, since the message must be both encrypted and authenticated, there might be some redundancy in the computations performed by the two primitives. Therefore, removing such redundancy can improve the efficiency of the overall composition. Moreover, computations performed by the encryption algorithm can be further utilized to improve the security of the authentication algorithm. In particular, we will show how E-MACs can be designed to reduce the amount of computation required by standard MACs based on universal hash functions, and show how E-MACs can be secured against key-recovery attacks.

Optimal Multicast Capacity and Delay Tradeoffs in MANETs

IEEE 2014  Transactions on Mobile Computing 

Abstract—In this paper, we give a global perspective of multicast capacity and delay analysis in Mobile Ad Hoc Networks (MANETs). Specifically, we consider four node mobility models: (1) two-dimensional i.i.d. mobility, (2) two-dimensional hybrid random walk, (3) one-dimensional i.i.d. mobility, and (4) one-dimensional hybrid random walk. Two mobility time-scales are investigated in this paper: (i) Fast mobility where node mobility is at the same time-scale as data transmissions; (ii) Slow mobility where node mobility is assumed to occur at a much slower time-scale than data transmissions. Given a delay constraint D, we first characterize the optimal multicast capacity for each of the eight types of mobility models, and then we develop a scheme that can achieve a capacity-delay tradeoff close to the upper bound up to a logarithmic factor. In addition, we also study heterogeneous networks with infrastructure support.

STARS: A Statistical Traffic Pattern Discovery System for Anonymous MANET communications

IEEE  2014 Transactions on Dependable and Secure Computing

Abstract—Anonymous MANET routing relies on techniques such as re-encryption on each hop to hide end-to-end communication relations. However, passive signal detectors and traffic analyzers can still retrieve sensitive information from PHY and MAC layers to derive end-to-end communication relations through statistical traffic analysis. In this paper, we propose a Statistical Traffic pattern discovery System (STARS) based on Eigen analysis which can greatly improve the accuracy to derive traffic patterns in MANETs. A STAR intends to find out the sources and destinations of captured packets and to discover the end-to-end communication relations. The proposed approach is purely passive. It does not require analyzers to be actively involved in MANET transmissions and to possess encryption keys to decrypt traffic. We present theoretical models as well as extensive simulations to demonstrate our solutions.

IEEE 2013: Security Analysis of a Single Sign-On Mechanism for Distributed Computer Networks

IEEE 2013 Transactions on Industrial Informatics 

Abstract—Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential to be authenticated by multiple service providers in a distributed computer network. Recently, Chang and Lee proposed a new SSO scheme and claimed its security by providing well-organized security arguments. In this paper, however, we demonstrative that their scheme is actually insecure as it fail to meet credential privacy and soundness of authentication. Specifically, we present two Impersonation attacks. The first attack allows a malicious service provider, who has successfully communicated with a legal user twice, to recover the user’s credential and then to impersonate the user to access resources and services offered by other service providers. In another attack, an outsider without any credential may be able to enjoy network services freely by impersonating any legal user or a nonexistent user. We identify the flaws in their security arguments to explain why attacks are possible against their SSO scheme. Our attacks also apply to another SSO scheme proposed by Hsu and Chuang, which inspired the design of the Chang–Lee scheme. Moreover, by employing an efficient verifiable encryption of RSA signatures proposed by Ateniese, we propose an improvement for repairing the Chang–Lee scheme. We promote the formal study of the soundness of authentication as one open problem.

IEEE 2013: Vampire Attacks: Draining Life from Wireless Ad Hoc Sensor Networks s 

IEEE 2013 Transactions on Mobile Computing 

Abstract—Ad hoc low-power wireless networks are an exciting research direction in sensing and pervasive computing. Prior security work in this area has focused primarily on denial of communication at the routing or medium access control levels. This paper explores resource depletion attacks at the routing protocol layer, which permanently disable networks by quickly draining nodes’ battery power. These “Vampire” attacks are not specific to any specific protocol, but rather rely on the properties of many popular classes of routing protocols. We find that all examined protocols are susceptible to Vampire attacks, which are devastating, difficult to detect, and are easy to carry out using as few as one malicious insider sending only protocol-compliant messages. In the worst case, a single Vampire can increase network-wide energy usage by a factor of OðNÞ, where N in the number of network nodes. We discuss methods to mitigate these types of attacks, including a new proof-of-concept protocol that provably bounds the damage caused by Vampires during the packet forwarding phase.

IEEE 2013: Virtually Transparent Epidermal Imagery (VTEI): On New Approaches to In Vivo Wireless High-Definition Video and Image Processing

IEEE Transactions on Parallel and Distributed Systems 

Abstract—This work first overviews a novel design, and prototype implementation, of a virtually transparent epidermal imagery (VTEI) system for laparo-endoscopic single-site (LESS) surgery. The system uses a network of multiple, micro-cameras and multiview mosaic king to obtain a panoramic view of the surgery area. The prototype VTEI system also projects the generated panoramic view on the abdomen area to create a transparent display effect that mimics equivalent, but higher risk, open-cavity surgeries. The specific research focus of this paper is on two important aspects of a VTEI system:  in vivo wireless high-definition (HD) video transmission and multi-image processing—both of which play key roles in next-generation systems. For transmission and reception, this paper proposes a theoretical wireless communication scheme for high-definition video in situations that require extremely small-footprint image sensors and in zero-latency applications. In such situations the typical optimized metrics in communication schemes, such as power and data rate, are far less important than latency and hardware footprint that absolutely preclude their use if not satisfied. This work proposes the use of a novel Frequency-Modulated Voltage-Division Multiplexing (FM-VDM) scheme where sensor data is kept analog and transmitted via “voltage-multiplexed” signals that are also frequency-modulated. Once images are received, a novel Homographic Image Mosaicking and Morphing (HIMM) algorithm is proposed to stitch images from respective cameras that also compensates for irregular surfaces in real-time, into a single cohesive view of the surgical area. In VTEI, this view is then visible to the surgeon directly on the patient to give an “open cavity” feel to laparoscopic procedures.